How LACNIC Contributes to DNS Resilience
March 25, 2024

During the Opportunities for the Development of Critical Infrastructure webinar, LACNIC CTO Carlos Martínez highlighted the contribution of the Regional Internet Registry for Latin America and the Caribbean (LACNIC) across three different aspects of DNS anycast.
Anycast for LACNIC’s reverse DNS zones. LACNIC operates the reverse zones associated with the /8 IPv4 and /12 IPv6 blocks it has been delegated. These zones receive large amounts of traffic, which is why it is distributed among anycast servers operated by LACNIC. If the resolution of these zones were to fail, LACNIC members would be left without reverse resolution.
Anycast for the “in-addr.arpa” and “ip6.arpa” zones. The /8 and /12 zones of every Registry depend on these two top-level zones in the reverse DNS hierarchy. Their resolution is crucial for the entire Internet and is the responsibility of all RIRs. To that end, LACNIC contributes anycast servers for both “in-addr.arpa” and “ip6.arpa”. This is an effort that involves cooperation with the other RIRs.
Anycast root server copies. The DNS root zone relies on 13 authoritative servers, and LACNIC contributes copies of several of them. For nearly 20 years, LACNIC has supported the installation of anycast copies through its +Raíces program. Thirty-six copies have already been installed and several others are in the process of installation. The process of installing a copy of a root server involves cooperation with the server’s operator and procuring hardware, Martínez observed.
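The three layers described above form one dependency chain for every reverse lookup. The following Python sketch is an added example, not LACNIC code: it derives the reverse zone name(s) for a prefix and lists the zones whose availability that lookup depends on. The function names and the sample prefixes are assumptions chosen for illustration.

```python
import ipaddress

def reverse_zones(prefix: str) -> list[str]:
    """Return the reverse DNS zone name(s) that together cover an IP prefix."""
    net = ipaddress.ip_network(prefix, strict=True)
    # IPv4 reverse names use one label per octet, IPv6 one label per nibble.
    step, suffix = (8, "in-addr.arpa") if net.version == 4 else (4, "ip6.arpa")
    if net.prefixlen == 0:
        return [suffix]
    # A prefix that does not end on a label boundary needs several zones:
    # round up to the next boundary and enumerate the aligned subnets.
    aligned = -(-net.prefixlen // step) * step
    subnets = [net] if aligned == net.prefixlen else net.subnets(new_prefix=aligned)
    zones = []
    for sub in subnets:
        if net.version == 4:
            labels = str(sub.network_address).split(".")
        else:
            labels = list(sub.network_address.exploded.replace(":", ""))
        labels = labels[: aligned // step]
        zones.append(".".join(reversed(labels)) + "." + suffix)
    return zones

def resolution_path(zone: str) -> list[str]:
    """Zones that must answer, root first, for names in a reverse zone.

    Longer prefixes may have further zone cuts between the top-level
    reverse zone and `zone`; those are not listed here.
    """
    suffix = "in-addr.arpa" if zone.endswith("in-addr.arpa") else "ip6.arpa"
    path = [".", "arpa", suffix]
    return path if zone == suffix else path + [zone]

if __name__ == "__main__":
    # Constructed sample prefixes: a /8, a /12, and two unaligned prefixes.
    for sample in ("200.0.0.0/8", "2800::/12", "192.0.2.0/23", "2001:db8::/33"):
        zones = reverse_zones(sample)
        print(sample, "->", len(zones), "zone(s), first:", zones[0])
        print("   depends on:", " -> ".join(resolution_path(zones[0])))
```
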

What is anycast? Anycast is a network addressing and routing method in which a single IP address is assigned to multiple geographically dispersed name servers (DNS). When a user queries the DNS, the query is directed to the closest server in terms of latency or network route.
In cases involving the operation of a large-scale DNS, a zone with multiple records and large amounts of traffic, or a recursive server catering to many clients, ensuring server availability may require special attention, Martínez said.
Can the anycast technique be used with DNS? Given that DNS is a UDP-based protocol, there is no need to struggle with establishing connections. “This works, and it works very well,” Martínez added. For example, if a DNS server that is publishing via anycast disappears because of a failure or shutdown, the problem is solved if the BGP announcement remains in the global BGP tables. “BGP itself selects the next best path. Most of the time, users don’t even notice this is happening,” Martínez said.